CISO Global Summit | Nov. 17, 2020 | Scottsdale, AZ, USA

↓ Agenda Key

Keynote Presentation

Visionary speaker presents to entire audience on key issues, challenges and business opportunities

Keynote Presentations give attending delegates the opportunity to hear from leading voices in the industry. These presentations feature relevant topics and issues aligned with the speaker's experience and expertise, selected by the speaker in concert with the summit's Content Committee.

Executive Visions

Panel moderated by Master of Ceremonies and headed by four executives discussing critical business topics

Executive Visions sessions are panel discussions that enable in-depth exchanges on critical business topics. Led by a moderator, these sessions encourage attending executives to address industry challenges and gain insight through interaction with expert panel members.

Thought Leadership

Solution provider-led session giving high-level overview of opportunities

Led by an executive from the vendor community, Thought Leadership sessions provide comprehensive overviews of current business concerns, offering strategies and solutions for success. This is a unique opportunity to access the perspective of a leading member of the vendor community.

Think Tank

End user-led session in boardroom style, focusing on best practices

Think Tanks are interactive sessions that place delegates in lively discussion and debate. Sessions admit only 15-20 participants at a time to ensure an intimate environment in which delegates can engage each other and have their voices heard.

Roundtable

Interactive session led by a moderator, focused on industry issue

Led by an industry analyst, expert or a member of the vendor community, Roundtables are open-forum sessions with strategic guidance. Attending delegates gather to collaborate on common issues and challenges within a format that allows them to get things done.

Case Study

Overview of recent project successes and failures

Case Studies allow attending executives to hear compelling stories about implementations and projects, emphasizing best practices and lessons learned. Presentations are immediately followed by Q&A sessions.

Focus Group

Discussion of business drivers within a particular industry area

Focus Groups allow executives to discuss business drivers within particular industry areas. These sessions allow attendees to isolate specific issues and work through them. Presentations last 15-20 minutes and are followed by Q&A sessions.

Analyst Q&A Session

Moderator-led coverage of the latest industry research

Q&A sessions cover the latest industry research, allowing attendees to gain insight on topics of interest through questions directed to a leading industry analyst.

Vendor Showcase

Several brief, pointed overviews of the newest solutions and services

Taking the form of three 10-minute elevator pitches by attending vendors, these sessions provide a concise and pointed overview of the latest solutions and services aligned with attendee needs and preferences.

Executive Exchange

Pre-determined, one-on-one interaction revolving around solutions of interest

Executive Exchanges offer one-on-one interaction between executives and vendors. This is an opportunity for both parties to make key business contacts, ask direct questions and get the answers they need. Session content is prearranged and based on mutual interest.

Open Forum Luncheon

Informal discussions on pre-determined topics

Led by a moderator, Open Forum Luncheons offer attendees informal, yet focused discussions on current industry topics and trends over lunch.

Networking Session

Unique activities at once relaxing, enjoyable and productive

Networking opportunities take various unique forms, merging enjoyable and relaxing activities with an environment conducive to in-depth conversation. These gatherings allow attendees to wind down between sessions and one-on-one meetings, while still furthering discussions and being productive.

 

Sunday, November 15, 2020 - CISO Global Summit

2:00 pm - 6:00 pm

Optional Golf Outing

 

Monday, November 16, 2020 - CISO Global Summit

9:00 am - 11:00 am

Optional Guided Trail Hike

 

1:00 pm - 1:55 pm

Registration & Greeting

 

1:55 pm - 2:05 pm

Welcome and Opening Remarks

 

2:05 pm - 2:40 pm

Keynote Presentation

2020 Focus: The People

Successful IT executives focus on the people. It's important for IT executives to partner with UX, HR and employee experience teams to aid with the shift in workforce dynamics, bringing emerging technologies or AI interactions to high-value business engagement. 

Takeaways: 

  • Strategies for success through focus on the business software user  
  • How employee training contributes to software success  
  • Case studies for success building business engagement in the IT teams

Presented by:

Jeffrey Moore, Global Head of Cyber-Security, CISO, Novartis

 
 

2:45 pm - 3:20 pm

Keynote Presentation

The Next Phase of Cybersecurity

Today's digital technologies quickly become commodities, and adoption of emerging technologies provides only temporary edge and differentiation. To stay ahead, you must think bigger and take bigger risks. Do not make the technologies themselves the focal point, but the profound business transformations they make feasible. While these transformations offer organizations great benefits, they also offer extreme risks that must be accounted and planned for. 

Takeaways 

  • Get a leg up on next gen technologies 
  • High risk can yield high reward 
  • Focusing less on products and more on company alignment to them

 

3:20 pm - 3:30 pm

Afternoon Networking Coffee Break

 

3:30 pm - 3:55 pm

Executive Exchange

 

Thought Leadership

Behind the Scenes at Black Hat: Where Evolution is the Best Solution

This session will bring you a behind the scenes look into the network at the Black Hat Security Briefings, often called "one of the most hostile networks in the world". Does reality actually match the hype? How do you design and deploy a network that's not only stable, but secure, for 20,000 of the industry's top minds? 

Join one of the designers of the Black Hat NOC where he'll answer these questions and more as we discuss how the network has evolved over 20+ years to keep pace with technology, attackers, and scale.

We'll also discuss some of the lessons learned from monitoring network activity at Black Hat, and what it helps us learn about the way security professionals conduct themselves on an open WiFi network. Spoiler Alert: It's poorly. We conduct ourselves poorly.

 

4:00 pm - 4:25 pm

Executive Exchange

 

Think Tank

Making Your Way Through the Fog of Cloud Computing in a Secure Path

What have we learned from a decade of cloud computing? What are the best practices that we should be taking into account as we take the next step on the digital transformation journey? We will discuss the full range of data center to cloud to hybrid cloud to fog and everything in between. 

 Takeaways  

  • Cloud computing has effectively been with us for a decade. There are clear learnings in the last 10 years that we should leverage as we implement new solutions. 
  • One size does not fit all. Effective solutions can range from a state of the art data center to a hybrid cloud to a fully implemented cloud solution. 
  • Security requirements must be considered on the various cloud implementation options.

Presented by:

Janet Heins, CISO, Royal Caribbean International

 

Think Tank

Third-Party Risk Management: It's complicated...

Understanding the risks that your vendors and suppliers present to your organization is, well... it's complicated. Your business operations and strategic objectives depend on the relationships you have with your suppliers. Increased trends in data breaches and cybercrime are driving the urgency to understand the risks your third-party suppliers and vendors expose your business to, and you need to be confident you have awareness of the cybersecurity posture of your suppliers. Performing proper due diligence is critical to protecting your organization while leveraging the successes of those relationships. A robust third-party cyber risk management program will support business stakeholders in the continual awareness and review of your third parties' cybersecurity posture and how potential cybersecurity incidents might affect not only the third party, but your overall business operations as well.

 Takeaways: 

  • Business and Cybersecurity leadership must partner to define a risk appetite for the organization, a process to prioritize third parties requiring assessment, and determine which risk indicators are most relevant to your business 
  • The program must analyze risk against the appetite, identify risk mitigations in place and be flexible to support ever changing vendor relationships (contracts, licenses, security incidents/breaches, margins, etc.) 
  • The approach must be wired to adequately re-assess vendors as required 
  • Metrics must be able to report digestible and actionable information to stakeholders to help drive vendor business decisions

Presented by:

Jim Kastle, CISO, Conagra Brands

 
 

Brian Hall, Head of Cyber Security Operations and Architecture, Conagra Brands

 

Julie Morrison, Head of Risk Management & Third-Party Cybersecurity Oversight & Governance, Conagra Brands

 
 

4:30 pm - 4:55 pm

Executive Exchange

 

Think Tank

Finally, Getting the Recognition That's Deserved!

All organizations, regardless of size, are continuously evolving through modern. Having an incident response plan and an effective cybersecurity strategy is not a luxury, but rather a requirement. Finally, security training for employees to improve their awareness is becoming the rule instead of the exception. Security is now establishing a permanent footprint within the software development lifecycle, with SecDevOps/DevSecOps processes to incorporate security at all layers of development. 

Takeaways 

  • Any organization can fall victim to a data breach 
  • Having a plan of action is essential to business survival 
  • Security has become a part of the conversation at nearly every level of an organization

Presented by:

Troy Wilkinson, Head of Cyber Security Data Analytics & Research, The Interpublic Group of Companies

 

Think Tank

Information Security Office & Information Systems Office "Finding Common Ground"

CIOs are facing increasing pressure to guide their companies to rapidly adopt new technologies and solutions to keep their companies competitive in their industry. CIOs, CISOs and Privacy Officers are facing increasing pressure to keep their company and its data safe and secure from all threats. Finding common ground takes careful and nuanced negotiations in order to avoid under or over securing technologies. 

Takeaways 

  • CIOs, CISOs and Privacy Officers are collectively facing pressures that could seem to be at cross purposes.  
  • CIOs, CISOs and Privacy Officers must work together to accomplish both their individual office goals and the overarching organizational goals in order to thrive

Presented by:

Lisa Lafleur, BISO, VP Cyber DevOps, Raytheon

 
 

5:00 pm - 6:00 pm

Summit Networking Happy Hour

 

6:00 pm - 7:00 pm

Welcome Dinner and Entertainment

 

7:00 pm - 8:00 pm

After Dinner Networking Reception

 

Tuesday, November 17, 2020 - CISO Global Summit

8:00 am - 8:40 am

Registration & Networking Breakfast

 

8:40 am - 8:50 am

Welcome & Opening Remarks

 

8:55 am - 9:55 am

Executive Visions

Steering Cultural Change

An IT and IT security executive's role, goals and objectives have drastically changed over the years. Most leaders supervise teams and units beyond their IT and security departments. Due to these changes in responsibilities, their success is measured in greater business metrics. As a result, these roles have become both more attractive and more demanding. 

Takeaways: 

  • What are the significant changes regarding the role of the IT and security Executive 
  • How to keep up with the changing requirements 
  • How to properly measure an IT and security executive's success

 

10:00 am - 10:25 am

Executive Exchange

 

Think Tank

Supply and Demand: Closing the Growing Gap in Cybersecurity Skills

At a time when the threat landscape is ever expanding, two out of three organizations worldwide claim to lack the IT security staff they need. The need for cybersecurity professionals is at an all-time high. The deficit of qualified individuals has made automated security tools more of a requirement than a desire in order to maintain a strong security foundation. Today's products and technologies can enable even small teams to appropriately secure multiple websites and applications, offering potential answers to the pressing recruitment issues.


Takeaways 

  • There is a critical lack of qualified IT specialists
  • Staffing deficits increase the need for automated tools
  • New products can assist small teams facing big security challenges


Presented by:

Mark Cwynar, Vice President, Corporate Security, Republic Services

 

Think Tank

The Elephant in the Room, Data Breaches

In 2019, data breaches endured yet again as the largest security threat noted by organizations and IT security professionals alike. If data remains as a high valued commodity, ensuring data privacy and securing personal data will continue to be at the top of the list of an organization's concerns. The increases in privacy legislation, such as GDPR and CCPA, and the understanding of the ramifications stemming from a breach have allowed these concerns to remain heavily in the spotlight. Web application flaws have been identified as the top cause of data breaches. As such, establishing and maintaining web application security has developed into a high priority for all organizations.  

Takeaways

  • Data breaches are the biggest security concern
  • Data continues to be a high value asset but the need to protect it is even higher
  • New laws like GDPR and CCPA enforce consequences for failing to secure data

Presented by:

Michael Owens, Business Information Security Officer, Equifax

 
 

10:30 am - 10:55 am

Executive Exchange

 

Think Tank

Finding Kimo

Account Take Over (ATO) attacks have become a major issue for many retail and online services companies. To reduce the effectiveness of these attacks it's critical to remove the financial incentive from the attacker AND unmask the person who profited from selling the tools used for account take overs. Reducing the potential for monetizing their efforts and increasing the personal risk removes thousands of attackers from the equation. Unmasking the person who developed the account "checker" exposes him or her to law enforcement scrutiny and further reduces the number of attackers using their tool or its derivative. The GameStop CISO will discuss the process and tools used to track one of the more prolific developers of account checking software and uncover his true identity.

Presented by:

Jim Motes, Chief Information Security Officer, GameStop

 
 

Think Tank

Combating the Rise in Cloud-based Threats

As the cloud migration continues, securing data and critical infrastructure is going to require new approaches. Organizations have struggled to maintain control of critical data and ensure real-time threat intelligence, giving cloud-based threats the ability to multiply. Data buckets that are misconfigured or inadequately secured increase the risk of a breach. Being able to manually manage security for large web application infrastructures has become a thing of the past. As such, organizations are being pushed to reevaluate their approach to web application security.

 Takeaways

  • The rise of cloud migration means security will need to adapt
  • Many organizations have struggled to secure data
  • Cybersecurity threats will only increase and become more complex

Presented by:

Don Kleoppel, Chief Security Officer, Cerner

 
 

10:55 am - 11:05 am

Networking Break

 

11:10 am - 11:35 am

Executive Exchange

 

Thought Leadership

Mobile-centric Zero Trust Security Framework

Traditional security models designed on the premise of organizations having a well-defined IT perimeter no longer apply in the perimeter-less world. Password-based security, which assumed that users operated and accessed business information only from within the enterprise IT perimeter, was adequate in the past. But in today's IT environment, where users are accessing information from a variety of untrusted devices, apps, networks, locations, and services - passwords alone are no longer sufficient. It should be no surprise that passwords are still the number 1 cause of data breaches. According to the Verizon Data Breaches Investigations report - 81% of breaches involved weak or stolen passwords. This is because passwords are easily compromised.

In the reality of today's security world, how does an organization protect itself? With a Zero Trust approach and framework to security. Zero trust assumes that bad actors are already in the network and secure access is determined by an 'always verify, never trust' approach. A Zero trust approach requires that you verify the device, user, apps, networks, and presence of threats before granting access. In addition, you should have on-going enforcement. But with many theories about Zero trust, how do you ensure you've taken the right approach?

Takeaways: 

CIOs and CISOs face three big challenges: 

  • Drive business innovation with mobile productivity by giving employees the ability to use mobile, cloud, and endpoints. 
  • Enforce corporate security without impacting the user experience. 
  • Redefine enterprise security strategies to address a perimeter-less environment.
 

11:40 am - 12:05 pm

Executive Exchange

 

Think Tank

Automating Cybersecurity

IT security professionals all face one major issue: being asked to do more, with fewer resources. Automation and integration are a necessity in order to meet the demands of an organization's security needs. Managing risk without diminishing the speed and quality of development is achievable by integrating security into agile processes, like DevOps or CI/CD. Since most security teams are understaffed, automated solutions are becoming a requirement, rather than an option, to properly manage the ever-increasing workload.

Takeaways -

  • Automation is required to meet today's security demand
  • DevOps can operate more efficiently with CI/CD
  • IT security staff are responsible for more than ever

Presented by:

Chris Leigh, Director & Chief of Cyber Security, Eversource Energy

 
 

Think Tank

Your Old Sh** Doesn't Work Anymore

When is the last time you took a look at yourself and thought, "my tennis shoes still look good, so they must be functioning fine", or "my car starts every day, so I won't change the oil"??? As Security professionals, we all tend to work in "reactive" mode. We talk about planning and strategy, but in reality the first thing you probably did today was check email to see if anything was broken (if you didn't already get a text). 

Takeaways: 

  • A discussion on the effectiveness of your "old" Security (People/Processes/Technology) 
  • How effective we can be as Leaders. 
  • A look at some practices that we have been told to follow, but never challenged or understood *why*

Presented by:

Scot Miller, Chief Information Security Officer, Mr. Cooper

 
 

12:10 pm - 12:35 pm

Executive Exchange

 

Executive Boardroom

Can I use my current security approach to secure the cloud?

As organizations embark on Digital Transformation initiatives to drive the speed and costs of their business operations, the increasing popularity of public clouds does not absolve security teams of their responsibility to actively manage cloud security. Moving workloads to the cloud doesn't automatically make them more secure - it merely shifts the scope of required security work. But can I use my current security processes and tools and apply them to the cloud? This session will discuss the risks and threats that organizations face as they move to the cloud; and how current approaches can be adapted for public cloud workloads.

Executive Boardroom

IoT Devices and the challenges that come with them

Hard-coded credentials, insecure wireless communication, unencrypted personal data, unverified firmware updates, vulnerable web interfaces - the list goes on. Every organization is in a race to be the first to deliver new products and technologies. Unfortunately, properly securing them is never the first thought. It's not shocking that the flourishing IoT space has generated an abundance of security issues. Compromised IoT devices can allow access to data, be used as points of entry for future attacks, or act as DDoS attack drones. Home automation products and wearables open the door for personally identifiable information and other valuable data to be stolen.

Takeaways - 

  • IoT devices are vulnerable to hackers 
  • Data security is often an afterthought for IoT makers 
  • Home automation products open the door for personal information to get stolen

 

12:40 pm - 1:55 pm

Executive Visions

Securing the Human Factor

The biggest fear is not the technology. Who is responsible for mistakes that take place using technology, which can potentially lead to a cyberattack? The majority of CISOs agree that an employee carelessly falling victim to a phishing scam is the most likely cause of a security breach. How do we guard against human error without limiting employee efficiency and productivity?

Takeaways 

  • Are technologies often vulnerable to user error? 
  • Are phishing scams the biggest culprits for breaches? 
  • Is training essential to rolling new technologies out at your organization?

Presented by:

Marty Ray, Chief Information Security Officer, Fossil Group, Inc.

 

Chris Leigh, Director & Chief of Cyber Security, Eversource Energy

 
 
 

2:00 pm - 2:25 pm

Executive Exchange

 

Think Tank

AI: Friend or Foe?

Advances in artificial intelligence (AI) are introducing new technologies to a wide array of products across every industry, especially cybersecurity. Facial recognition and natural language processing have become a reality thanks to deep learning algorithms; however, there is a dark side to these advancements. Cybercriminals have managed to weaponize AI to create extremely intricate malware and attack methods. This has forced organizations to use advanced heuristic solutions rather than counting on known vulnerability and attack signatures.

Takeaways

  • Artificial Intelligence products are already being deployed in many industries
  • Features like facial recognition and chat bots are common examples
  • Cybercriminals can weaponize this technology without proper security measures

Presented by:

Gunter Ollman, CSO (Cloud and AI Division), Microsoft Corporation

 

Think Tank

Going Mobile, Securely

The average employee uses at least 3 different mobile devices to access business data. This number has risen and so has the amount of company data that is being stored on each device. Each device represents another endpoint that needs to be secured. While mobile malware threats are low, it's expected that there will be a rise in data breaches directly related to mobile devices. Providing access to company data via a secure web application infrastructure with real-time vulnerability management is one way of reducing risk with mobile devices. 

Takeaways  

  • Mobile devices are generally considered safe means to access business data
  • Employees use an average of three mobile devices, each is its own security challenge
  • Data breaches through mobile devices are expected to increase

Presented by:

Brenda Bjerke, Senior Director, Information Risk Management, Target

 
 

2:30 pm - 2:55 pm

Executive Exchange

 

Thought Leadership

 

3:00 pm - 3:25 pm

Executive Exchange

 

Executive Boardroom

 

Executive Boardroom

 

3:25 pm - 3:35 pm

Afternoon Networking Coffee Break

 

3:40 pm - 4:05 pm

Executive Exchange

 

Think Tank

MSSPs: The impact of Force Majeure (Bonus feature: MSSPs are a TARGET!)

To extend your organization's security capability, and perhaps to maximize resources, your organization has opted to partner with a managed security services provider. While this decision does provide an affordable information security infrastructure, it does not come without risk. Natural disasters, cybersecurity incidents, operational impacts, and even previously unaccounted-for events (i.e. pandemics) could create a barrier that would prevent an MSSP from continuing to serve their clients. Further, because of the nature of the services MSSPs provide, they are likely targets for bad actors looking for a big payout. As a security leader who has chosen to partner with an MSSP, it is crucial to plan for unforeseeable circumstances that could prevent your MSSP from fulfilling their services or contractual obligations. How would your business be impacted by an unforeseen failure of your MSSP, and how would you ensure that you are able to continue to protect your organization? How does an organization prepare for these circumstances and still provide security with their internal security personnel?

Takeaways: 

  • Proper due diligence is imperative when choosing an MSSP, ensuring geographically dispersed Security Operation Centers, robust controls and technology
  • Treat your MSSP as a partner vs. an outsourcer 
  • Clearly define what you want to monitor and measure 
  • Retain in-house cybersecurity talent - select which services it makes sense to assign to your MSSP, for example incident detection and response 
  • On-board your MSSP so they have an appropriate understanding of your environment

Presented by:

Jim Kastle, CISO, Conagra Brands

 
 

Brian Hall, Head of Cyber Security Operations and Architecture, Conagra Brands

 

Julie Morrison, Head of Risk Management & Third-Party Cybersecurity Oversight & Governance, Conagra Brands

 

Think Tank

Data Encryption, Bulking up!

Since cyber attacks have gotten more sophisticated over recent years, a growing number of data-encryption advancements have followed suit. We're seeing many encryption advancements to help stay ahead of security threats. These include leading privacy technologies, ring signature and zero-knowledge proof and distributed ledger technologies. When these technologies are used in combination with one another, not only is full or partial data anonymization achievable, but data and identity verification is also automated.

Presented by:

Chris White, Deputy Chief Information Security Officer, Interpublic Group of Companies

 
 

4:10 pm - 4:35 pm

Executive Exchange

 

Executive Boardroom

Executive Boardroom

 

4:40 pm - 4:50 pm

What's the Next Stop On the Transformation Journey?

Our Governing Board will summarize the learnings from the day and discuss the path forward for building an ongoing community of CISOs, where common issues can be addressed and success stories can be shared. 

Takeaways: 

  1. Building an ongoing community with your peers can be an invaluable resource for tackling the digital transformation projects ahead of you
  2. Sharing stories of success (and failures) is not reserved to a one-day CISO Summit, but should be shared on a regular basis with your peers
 

4:50 pm - 5:00 pm

Closing Remarks

 

5:00 pm - 6:30 pm

Summit Happy Hour

 

6:30 pm - 8:30 pm

Networking Dinner

 

8:30 pm - 10:00 pm

After Dinner Networking & Entertainment